 I received a request from @ghost today to add #LDSignatures to @fedify for compatibility with #Mastodon, as Mastodon does not plan to implement Object Integrity Proofs (FEP-8b32) for the near future. 😩 However, Mastodon's implementation of LD Signatures does not even use valid JSON-LD properties (despite the name), so I'm not sure how to make it compatible with Mastodon since #Fedify does JSON-LD processing. 🤔 15 comments
 @hongminhee hey @thisismissem, @andypiper what do yall think of this situation? where are we going here? I keep seeing dev after dev complain about the JSON-LD issue with Mastodon and I personally dont even know where to stand on it but it seems its a major hurdle.  @liaizon @hongminhee @thisismissem I think it may be something long-standing here, is there an existing GitHub issue where I can get more background? I know it’s pretty complicated at this point though. @liaizon @hongminhee @thisismissem (also asking as I’m on my phone walking right now and can’t search so easily!)  @andypiper @liaizon @hongminhee the version of JSON-LD Signatures that mastodon supports is old, basically they implemented it, then the spec completely changed. That's why stuff doesn't look right. The question is then: how do you migrate forwards without breaking compatibility with existing deployments. That's gonna need time & money thrown at the problem to solve. @thisismissem @liaizon @hongminhee agreed that it will take a while to resolve things due to the scale of the deployments.  @thisismissem @liaizon @andypiper @hongminhee FEP-8b32 is designed to be compatible with existing implementations. The upgrade path for Mastodon may look like this: 1. Support multiple public keys per actor @liaizon @hongminhee @thisismissem no promises on how quickly this can be resolved, but it is in progress. It needs more work and probably backporting etc. https://github.com/mastodon/mastodon/pull/31871  @hongminhee will @Mastodon lack of support for the AP standards slow the adoption of the fediverse? TrueFans are new to developing with AP. We use @fedify who have made it super easy but we wanted to use the "Listen" verb from the AP vocabulary but no AP client supports it. Mastodon doesn't for certain which is probably why other AP clients don't. We also wanted to use the 'Summary' verb but Mastodon kept marking our notes as sensitive another bug not fixed.  @hongminhee @ghost @fedify these properties should be part of the @hongminhee @ghost @fedify will have a deeper look and write tests when i have time, but this should be addressed by https://github.com/mastodon/mastodon/pull/31871  Smithereen (I'm writing this from it) also does JSON-LD processing but also supports LD signatures. I don't understand what's the problem here — imo you aren't supposed to LD-process the signature itself. I remove it before any LD processing and treat it as a separate object passed alongside the main one. @hongminhee Do they want LD signatures in Fedify in order to process forwarded Create activities? I simply fetch |
Gregory's Server
As the creator of Fedify, I'd like to see either ActivityPub implementations all deal with JSON-LD properly, or the ActivityPub spec gives up on JSON-LD. 😩